Russian and Chinese hacking. What can / should be done?

Two recent news items have me wondering about what can or should be done about foreign governments hacking. First is a recent hack that includes Michelle Obama’s passport. Another is about a half billion Yahoo email accounts being hacked.

https://www.google.com/amp/www.nbcnews.com/politics/politics-news/amp/white-house-contractors-leaked-email-reveals-secret-service-plans-michelle-n652621?client=safari
https://www.google.com/amp/www.nbcnews.com/tech/tech-news/amp/your-yahoo-account-was-probably-hacked-company-set-confirm-massive-n652586?client=safari

The presumption seems to be that these hacks were conducted by either the Russian or Chinese governments. I’m not knowledgeable about how hacking works, but I do wonder if anything can be done about this kind of stuff. What do you all think? Please move to another forum if appropriate.

I would suggest sanctions - maybe curtail visas, etc. until the attacks end.

China is and has been one of the largest hackers of US government AND corporations for years now, so this isn’t a new thing. They devote ungodly amounts of resources towards hacking, and actually have an entire system designed to take hacked information by their government agencies and get it to Chinese corporations to use in products and services to compete with and/or destroy US businesses. They have written white papers on the use of hacking in cyberwarfare and how to do this effectively to achieve their ends. Russia has much the same thing, though in one respect Russia has less of a budget and also less of a focus on business versus government hacking, and on the other they are more sophisticated (the Chinese take more of a brute force approach).

What can be done? Not a lot, to be honest. Obama has already told the Chinese (and probably the Russians as well) to cool it or the US will retaliate, but aside from that there isn’t much we can do short of reprisal cyber-attacks (which most likely we are doing already…the Chinese in particular have had some issues especially with their ISP connections and their Great Firewall of China thingy).

If you are interested in some additional info, my favorite China Uncensored site has several YouTube videos on the subject.

I would go much further, and cut up their American Express cards, too.

Honestly, what effect do you think this would have on the CCP, who are the ones initiating these attacks? Do you think it would make them stop? :dubious: Hell, they don’t even acknowledge, when we show them concrete proof, that they are doing it. They don’t even acknowledge that they HAVE a cyber-warfare group or do cyber attacks…in fact, like Russia in the Ukraine, they completely and with a straight face deny any involvement and say it’s 3rd parties and independent groups operating from inside their system (:dubious:…:p).

In short, your suggestions wouldn’t work and would probably make things worse all around. If there was a simple solution then we would have hit on it already. The most effective thing so far has been Obama basically talking face to face with Xi and telling him directly to back off. There are problems with this, though, even if it works in the short term.

Part of the problem is that the US is also ‘hacking’ basically everything. Businesses, foreign nationals, our own nationals, hostile governments, neutral governments, even friendly governments, the NSA is collecting data on everything, via means that are different from those used by Russia and China only in sophistication.

They’re not giving that data to businesses for competitive advantage, but it’s hard to go to the Chinese and say “Look, we both know we’re all spying on everything, but it’s outrageous that you’re sharing the information you uncover!”

IME (I used to work in military aerospace) and from what I’ve heard the Chinese are much more aggressive in their spying. And American agencies most certainly do help American companies.

WRT China, a big problem is that much of the infrastructure of the internet is built on Chinese equipment. Does any of it have back doors? Very probably.

+1

Pot, meet technological kettle.

[QUOTE=TheSeaOtter]
They’re not giving that data to businesses for competitive advantage, but it’s hard to go to the Chinese and say “Look, we both know we’re all spying on everything, but it’s outrageous that you’re sharing the information you uncover!”
[/QUOTE]

So, you see no difference in using a sovereign state’s cyber power to spy on a private corporation, steal their proprietary code or systems, give that to your own state sponsored corporations and help them reverse engineer that so they can then undercut the foreign company and steal their market share (not to mention using your court system to back them up on patents and trademarks)? It’s all the same to you?

Does the US spy on other countries and foreign nationals? Of course they do. But there is a huge difference between what we are doing and what they are doing…and what we ACTUALLY were bitching about to them (the Chinese) was this, not them hacking our government systems, which, as you cleverly pointed out, everyone does.

As for the Russians, that’s more a gray area wrt this discussion. Hillary and the Democratic party are part of the US government, so that’s fair game I suppose. It’s not how the US would do it (or China in this case), but you have a better case here for ‘everyone does it so the US shouldn’t whine’ than the other, IMHO.

So in conclusion, the solution is to take cybersecurity seriously.

Isn’t the US doing the same thing to Russia & China?

It seems the big 3 powers are all hacking into each other. I’m not sure what defense they have.

Really, the solution would be to apply revisions to network traffic to make malevolent traffic more traceable and blockable.

Unfortunately, that’s probably not really possible to accomplish, for at least the following reasons:

  1. The traffic logs that it would necessitate would be too large for most organizations to maintain.
  2. Spying on individual traffic usage would actually be easier since more information would be included in the requests to prevent spoofing and obfuscation.
  3. It would prevent us from hacking others as easily.
  4. Getting everyone onto it, given the above, would be basically impossible.

I suggest disabling their electronic infrastructure with a widespread series of electromagnetic pulses.

Yeah, as if the Americans are not spying on everyone and everything.

This is what should be done. Nothing else CAN be done. Attribution is notoriously difficult, and the US is not going to go to war because some Yahoo accounts were stolen.

These aren’t even “attacks” in the military sense anyway, they are cyber espionage. Only the means are different from the traditional industrial espionage that has been going on forever.

A strong focus on actually securing these systems, along with adequate punishments for those who approve inadequate security in a company or government agency is the only thing that will counter these types of intrusions.

A better information sharing policy would also help. There have been recent laws passed to enhance information sharing with the government, but nothing for company to company. For instance, how was the Yahoo breach carried out? What vulnerabilities, poor security practice, or other means were used to steal the accounts? What patches, configurations, or policies should be in place in order to stop a similar breach in the future?

Two - or more - wrongs don’t make a right.

I wonder how you’d feel being an Iranian nuclear scientist who just had a bunch of your equipment literally destroyed by a U.S. cyberattack?

Of course, it’s difficult to measure the effect of lost information, when you can’t even be remotely certain exactly what was compromised.

Well, first off there isn’t any proof, afaik, that the US was the one who did that attack. There are certainly indications it MIGHT have been us, based on the code used, but no smoking gun. Could have been Israel, could have been another country concerned with Iran’s nuclear program.

Secondly, that seems a bit different, again, to what China is doing. A lot of people seem to equate a nation-state spying on or even doing cyber attacks against other nation states with nation states who are using their cyber programs and resources to attack, well, everything and anything. There is a huge difference, IMHO, between attacking Iran’s (illegal) nuclear program using cyber attacks and a nation state attacking a corporation, stealing their intellectual property, handing that data over and even helping their own state-sponsored companies to reverse engineer or otherwise use that data to put out cloned or pirated versions of the software or hardware, then using their own court system to legitimize the state-sponsored companies’ claims. I guess I’m the only one who sees this as a problem since so many responses seem to be ‘well, the US does it’…meaning that if the US spies then other countries can do what they like, cyber wise, since it’s all exactly the same.

Get that McAfee fella working on it, pronto!

Perhaps you’re not old enough to remember the widespread European allegations that Euro-corporate information was deliberately gathered by the NSA ECHELON project for the purpose of funneling it directly to their US corporate competitors. As a deliberate matter of statecraft. Secret statecraft, but statecraft nevertheless.

I can’t say for sure the allegations were accurate. I also can’t say they weren’t. Many supposedly informed sources at the time said they were.
I suppose where you and I differ about the e.g. Chinese is that you sound outraged. My reaction is more “Well duh! Of *course* they’re doing it. As long as it’s physically possible and clandestine enough to avoid a prompt shooting war, everyone does it to everyone else at the limit of their ability and budget. For whichever irritatingly hostile ‘it’ you care to name.”

The idea that we’re the Good Guys and they’re the Bad Guys is fundamentally flawed and naïve. Reality is much closer to we’re the OK-to-Mildly-Bad Big Guys and they’re the Bad-to-Worse Slightly-Smaller Guys.

Most of Americans’ angst is more about becoming less extra-big versus the opposition rather than about being less extra-good versus the opposition.

Solutions:

  1. Defend better. Which includes widespread regulation of corporate security with draconian penalties for any cover-ups of breaches. And with little regard for the costs imposed on our corporations. Because those costs will be instead of the costs currently imposed on US industry at large by the e.g. Chinese hackers.

  2. Complain more loudly and more publicly to the e.g. Chinese about their behavior. Make sure their citizens know about this. And that their government is not fooling anyone with the innocent “who? me?” routine.

  3. Do the same thing to them twice as hard. All day every day. Spend what it takes. Just be ready for whatever happens next. IOW, never open a can of worms unless you’re prepared to eat all the worms.